The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stuart Anderson <s.anderson AT qmul.ac.uk>]

Hi all,

I believe I'm the user Nik mentioned. I can successfully log in using my 
institution credentials, but once I'm in I get a page saying “You are not 
managing any institutions.”. I am new to CAT (granted access 19/4/18), but 
had access yesterday to configure our installers but don't appear to have it 
today.

My unique identifier, if it helps, is shown as 
eduPersonTargetedID:Px9LWf53LFaDUdPWooBecsCT67U=!https://idp.shibboleth.qmul.ac.uk/idp/shibboleth.

Any help/advice appreciated.

Regards,

Stuart
-- 
Stuart Anderson 
Network Delivery Officer, IT Services 
Queen Mary University of London
Tel: +44 (0)20 7882 5629 

> -----Original Message-----
> From: Nik Mitev 
> [mailto:nik.mitev AT jisc.ac.uk]
> Sent: 03 May 2018 15:56
> To: Dubravko Voncina 
> <dubravko.voncina AT srce.hr>
> Cc: eduroam CAT Feedback 
> <cat-users AT lists.geant.org>
> Subject: Re: [[cat-users]] Problem logging in to CAT
> 
> Hi Dubravko,
> 
> Thanks for that - I am logging in through the Geant guest IdP, do you know
> who administers it?
> 
> I will ask the UK user who originally reported the issue to try and log in 
> and if
> needed email here directly as well.
> 
> Thanks again,
> Nik
> 
> -------- Original Message --------
> From: Dubravko Voncina
> Sent: Thursday, May 3, 2018 3:35 PM BST
> To: Nik Mitev
> Cc: eduroam CAT Feedback
> Subject: [[cat-users]] Problem logging in to CAT
> 
> Hello again Nik,
> 
> I believe I've found the cause of your problem. Apparently, your IdP 
> provides
> string value of an attribute 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
> (eduPersonTargetedID) which is invalid eduPersonTargetedID value format.
> This was tolerated in SimpleSAMLphp versions prior to 1.15, but latest 
> stable
> version of SimpleSAMLphp requires eduPersonTargetedID to be provided as
> an XML construct.
> 
> For example, your IdP provides SAML authentication response which
> contains following attribute statement:
> 
> 
> <saml:AttributeStatement>
>     <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
> </saml:AttributeStatement>
> 
> 
> but instead, your IdP should provide attribute statement that roughly looks
> like:
> 
> 
> <saml:AttributeStatement>
>     <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
>     </saml:Attribute>
>     <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml:AttributeValue>
>             <saml:NameID NameQualifier="https://gidp.geant.net";
> SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/
> metadata.php/default-sp"
> Format="urn:oasis:names:tc:SAML:2.0:nameid-
> format:persistent">some_value</saml:NameID>
>         </saml:AttributeValue>
>     </saml:Attribute>
> </saml:AttributeStatement>
> 
> 
> I'm afraid there's not much we can do about it, this problem will have to be
> fixed at the IdP side.
> 
> Best Regards,
> 
> Dubravko Voncina
> Middleware and Data Services Department
> University of Zagreb, University Computing Centre, www.srce.unizg.hr
> dubravko.voncina AT srce.hr,
>  tel: +385 98 219273, fax: +385 1 6165559
> 
> 
> 
> 
> On 03 May 2018, at 14:24, Nik Mitev 
> <nik.mitev AT jisc.ac.uk>
>  wrote:
> 
> He had logged in earlier yes. And I certainly have logged in earlier too :)
> 
> Nik
> 
> -------- Original Message --------
> From: Stefan Winter
> Sent: Thursday, May 3, 2018 12:59 PM BST
> To: 
> cat-users AT lists.geant.org
> Subject: [[cat-users]] Problem logging in to CAT
> 
> Hi,
> 
> I have a ticket from a user who reports he is failing to log in to CAT, and 
> when
> I tried to log in myself to see if there is anything obvious my login 
> failed as
> well with the message "An unhandled exception was thrown." and a tracking
> id of b80f6f0c25
> 
> Debug:  SAML2\Exception\RuntimeException: A
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" (EPTI) attribute value must be a NameID,
> none found for value no. "0
> 
> Let me know if you need any further info.
> 
> This coincides suspiciously with the maintenance work Miro announced for
> earlier today.
> 
> Did the user log in successfully earlier, or is it a brand new user? The 
> latter
> could mean a misconfigured IdP is at fault, the former would suggest it's
> more like an update problem on the SP side.
> 
> Greetings,
> 
> Stefan
> 
> 
> 
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
> 
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
> 
> 
> 
> 
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
> 
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
>